On Wed, Feb 4, 2009 at 5:02 PM, Ruediger Pluem <[email protected]> wrote:
> > > On 02/04/2009 10:44 PM, Jeff Trawick wrote: > > On Wed, Feb 4, 2009 at 11:09 AM, Mladen Turk <[email protected]> wrote: > > > >> Hi, > >> > >> I would like to commit this module to trunk. > >> It's a watchdog module that creates a worker threads > >> either in parent, child via an API, and it's not for > >> standalone use, but for other module usage like > >> mod_heartbeat, probably mod_jk and others that need > >> maintenance threads. > > > > > > It seems scary to me to have the MPM parent on Unix forking children > while a > > separate thread in that same process is running arbitrary code. > Surprising > > problems can crop up when this arbitrary code is in certain states (maybe > a > > mutex gets inherited in held state by the new MPM child?) > > This seems to be a very valid concern to me. Plus in the parent it runs > with root > privileges and we should minimize the code that runs with these privileges, > even > more so as an author of code that uses the watchdog may not really be aware > that > its code is running under root (in contrast to people who develop modules > like > mod_unixd and mod_privileges). > > So we shouldn't run this in the parent process but only in the childs or > fork a > separate child (like mod_cgid does) that only runs the watchdog if a > single-instance-non-locking watchdog is needed. > Taking this just a little further: Replace the parent-process-monitor-thread flavor with one that only promises to run outside of child processes serving requests. On Unix this will run in a separate child (potentially using one child for all such monitor threads) but on Windows PERHAPS it is reasonable to run in the Apache parent.
